General

  • Target

    559ab607169f48179abd8c8b1d062d6f.bin

  • Size

    17.4MB

  • Sample

    240326-crp36sef5w

  • MD5

    559ab607169f48179abd8c8b1d062d6f

  • SHA1

    395c3c54d44906ed5029bc3734e02572d4127a43

  • SHA256

    0608f245309cd5555269bfb0edda181b5b249ab0426751112a51d24b66878072

  • SHA512

    9294385fa90e29353804d971cdaac6df2367cb74b79bedfe564113b437c6b920d686721871a8f510baa32812bc7d8d947ce17094c78908d6bac41582692d60ca

  • SSDEEP

    393216:zEk4gf8FgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1PyOX8WjD+da/:zwbFbX71QtIZS3ILn6ecnyheD+da/

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15